IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
A customer complained that after upgrading to Samba 4.0 fileserver
its LDAP server was flooded with uid2sid and gid2sid request for id
0. With 4.0 we do a lot more user-space ACL checking which involves
uid2sid/gid2sid. This caches the corresponding results.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 7 12:00:10 CET 2015 on sn-devel-104
Trying to establish a netlogon connection when the service ticket
expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The
underlying client code already marks the session as invalid, so retry
the netlogon connect in this case.
Signed-off-by: Christof Schmit <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 6 02:58:57 CET 2015 on sn-devel-104
This will prepare a msghdr for receiving fd's. Same pattern as before: First
get the buffer size, then fill in msghdr.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is a copy of the extract_fd_array_from_msghdr routine in unix_msg.c, with
a similar use pattern: First call it without an output array to get the length
and then call it a second time to actually fill in the array.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is a little set of routines to deal with the ugly fd-passing macros.
This patch is the first step assisting the creation of msghrds for sending fds.
Receiving fd helpers will follow later.
The basic idea behind these routines is that they fill a variable-sized buffer.
They are supposed to be called twice per msghdr preparation. First with a
0-sized NULL output buffer to calculate the required bufsize, and then a second
time filling in the buffer as such.
This does not take care of the old msg_accrights way of passing file
descriptors. CMSG/SCM_RIGHTS is standardized for quite a while now, and I
believe this intreface can be made to also take care of msg_accrights if
needed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
As an AC Domain Controller we should try CLDAP for active directory domains.
E.g. FreeIPA domains doesn't provide NBT at all...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 5 19:23:40 CET 2015 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 1 02:47:59 CET 2015 on sn-devel-104
This chops off n bytes from an iovec array. Used for short writev's
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec 28 04:20:48 CET 2014 on sn-devel-104
When the underlying session expires, the LogonControl RPC call used in
ping-dc returns NT_STATUS_IO_DEVICE_ERROR. Retry once in this case,
instead of returning the error to the caller.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 23 02:46:34 CET 2014 on sn-devel-104
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
In handling a spoolss GetForm request, the handler may return an
immediate error if one of the input parameters is invalid. If this is
done without zeroing the pre-allocated @info pointer, then marshalling
of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
In handling a spoolss GetPrinterDriver2 request, the handler may
return an immediate error if one of the input parameters is invalid.
If this is done without zeroing the pre-allocated @info pointer, then
marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
In handling a spoolss GetJob request, the _spoolss_GetJob() handler may
return an immediate error if one of the input parameters is invalid. If
this is done without zeroing the pre-allocated @info pointer, then
api_spoolss_GetJob() will attempt to marshall @info, which in the case
of an @offered value of zero results in a marshalling error:
ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger
than size_is(0)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match
a Windows DC.
For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We have the password as raw UTF16 blob, which might not be
valid utf16, so we need to use cli_credentials_set_utf16_password().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This way we pass down enough information for SEC_CHAN_DNS_DOMAIN to work.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we're a member or RWDC there's no need to require talking to a rwdc,
an rodc will forward the request if required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to call init_dc_connection_rpc() before we can decide if we want to try
NCACN_IP_TCP.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN
as cli_credentials_get_realm() will return the correct value compared to
cli_credentials_get_domain().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This simplifies the callers, then can just pass in a cli_credentials structure.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should not try to connect to the given domain from within the winbindd parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This means "wbinfo --ping-dc" works fine on a DC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Dec 18 19:19:04 CET 2014 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10803
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
This trust account is usable for SMB authentication via kerberos,
so we should try that if we think the domain is active directory.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should not crash with machine_password==NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Forcing NT_STATUS_UNSUCCESSFUL is not a good idea, we should return
NT_STATUS_LOGON_FAILURE instead.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2()
code.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
In a cluster this can be called with an empty record, while
brl_parse_data() relies on an initialized structure.
This is a regression in commit 837e29035c.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10911
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Gluster changed the key used to do get_real_filename
in 3.5. This changes Samba's glusterfs vfs-module
to use the same key.
This will render SMB_VFS_GET_REALFILENAME() working
again under 3.5 and will remove support for that functionality
for Gluster 3.4 and older.
Signed-off-by: raghavendra talur <raghavendra.talur@gmail.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 17 16:35:37 CET 2014 on sn-devel-104
notify_msg won't need to construct the path anymore, it will be able to
put the parts into iovecs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 16 21:22:26 CET 2014 on sn-devel-104
This repeatedly listens on msg_type. It's similar to messaging_register
with talloc based autocleanup. The handler is free to talloc_move a way
the record for later use.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In the notifyd code it will be very helpful to fake source server_ids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will enable messaging3 users to more easily register themselves
under a name
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In the meantime smbstatus tries to collection information from tdb's
which are only accessible by root as they contain sensitive information
like session keys and other secrets. This means smbstatus can no longer
be executed as a user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11012
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec 16 18:54:41 CET 2014 on sn-devel-104
If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Rewviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 12 02:09:24 CET 2014 on sn-devel-104
This does not join the DC itself, so as not to pertrub the test
environment mid-run, but does confirm that the join works and the
password can be changed.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 11 21:40:27 CET 2014 on sn-devel-104
This account is otherwise just like the workstation trust acocunt, so use that code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This partially reverts 15f6e27bd5.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
snapview client in gluster would require connectpath
in order add snapdir entry to readdir result.
Signed-off-by: raghavendra talur <raghavendra.talur@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 10 16:38:27 CET 2014 on sn-devel-104
As Samba allows us to share subdirs, lets re-use preopened
connections to glusterfs only if they are for same volume
AND same connectpath.
Signed-off-by: raghavendra talur <raghavendra.talur@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Normally, I'm trying to simplify things with early returns. But in
this case I think the reverse makes the if-condition easier to
understand
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 9 06:37:24 CET 2014 on sn-devel-104
This will make it easier to integrate into proper memory hierarchies.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
"notify_event" only reports names relative to some path that is only
implicitly known via "private_data". Right now "private_data" is the fsp
of the directory holding this notify. I want to use inotify_watch in a
notify-daemon that does not have a fsp available and has more problems
getting the path right out of "private_data". notify_inotify has the
directory under which the event happened available, so make it known to
the callback. Right now no caller uses it yet.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
More like a cleanup, but I want to use inotify_watch in notifyd
that I would like to keep as light as possible
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
tallocing first avoids having to call inotify_rm_watch
This even fixes a real error: We share inotifies between different instances,
so the rm_watch in the error paths destroys other legitimate watches
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This gets rid of one NT_STATUS_HAVE_NO_MEMORY with its implicit return; :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Notifyd should be as independent of Samba infrastructure as possible,
and it will call notify_inotify
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
With the notify code I've hit another case where self-sends caused
a problem. This time messages were lost because we tried to do
multiple dispatch_rec calls from within a single inotify callback.
Only the first one was being taken care of, the others did not find
receivers.
This patch makes self-sends go through the kernel as well, the
kernel queues everything nicely for us. With dgram messaging this
should be pretty fast. If it turns out to be a performance problem,
we can solve it later by doing proper queueing in user space. We
need to completely decouple any processing from callbacks.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Dec 8 16:54:51 CET 2014 on sn-devel-104
